Hello Jason -

On Wed, 17 Nov 1999, Jason Kao wrote:
> After reading Radiator radius server manual and searching the FAQ and mail
> archives, I still can not get the clear picture. My question is 
> 
> If I am planning to use group in order to reply different reply items for
> different group, do I have to use AuthBy Unix which in turn will
> use /etc/group file in the box which I am running the radius server?
> 

You can use AuthBy UNIX (to use the files directly), AuthBy SYSTEM (to use the
system calls) or AuthBy PAM (to use PAM directly).

> I will use AuthBy File or AuthBy PAM on SUN Solaris 7. According to the
> manual 13.1.6 group can only work with AuthBy Unix or AuthBy NT.
> 

The way to do this is with chained (or nested if you prefer that term) AuthBy's.

Something like this:

# set up AuthBy PAM with an identifier so it can be called by Auth-Type

<AuthBy PAM>
        Identifier Check-PAM
        ....
</AuthBy>

# set up a Realm or handler to use AuthBy FILE

<Handler ....>
        <AuthBy FILE>
                Filename %D/users
        </AuthBy>
</Handler>


And in your users file:

# set up DEFAULT entries to use AuthBy PAM and check groups
# return attributes from corresponding DEFAULT

DEFAULT Auth-Type = Check-PAM, Group = *thisgroup*
        Service-Type = ....
        ....

DEFAULT Auth-Type = Check-PAM, Group = *thatgroup*
        Service-Type = ....
        ....

DEFAULT Auth-Type = Check-PAM, Group = *someothergroup*
        Service-Type = ....
        ....

Using this approach allows you to recognise different groups and return
different reply attributes in consequence.

hth

Hugh


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
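
An added illustration, not part of Hugh's message and not Radiator code: a small Python model of how the users file above would select reply items, assuming the DEFAULT entries are tried in file order and the first one whose Auth-Type and Group check items both pass supplies the reply. The accounts, groups, passwords and Service-Type values are constructed for the example.

```python
import hmac

# Constructed sample data: group membership and a stand-in password store
# playing the role of what PAM would consult.
GROUPS = {"thisgroup": {"alice", "carol"}, "thatgroup": {"bob", "carol"}}
PAM_PASSWORDS = {"alice": "a-pw", "bob": "b-pw", "carol": "c-pw", "dave": "d-pw"}

# One tuple per DEFAULT entry, in file order: (Auth-Type, Group, reply items).
# The reply values are hypothetical; the original post elides them.
DEFAULTS = [
    ("Check-PAM", "thisgroup", {"Service-Type": "Framed-User"}),
    ("Check-PAM", "thatgroup", {"Service-Type": "Login-User"}),
]


def check_pam(user, password):
    """Stand-in for the AuthBy whose Identifier is Check-PAM."""
    expected = PAM_PASSWORDS.get(user)
    # Unknown users fail outright; known users get a constant-time compare.
    return expected is not None and hmac.compare_digest(expected, password)


# Maps an Auth-Type value to the AuthBy carrying that Identifier.
AUTHBY = {"Check-PAM": check_pam}


def authenticate(user, password):
    """Return ("ACCEPT", reply) for the first DEFAULT entry whose check
    items all pass, otherwise ("REJECT", {})."""
    for auth_type, group, reply in DEFAULTS:
        authby = AUTHBY.get(auth_type)
        if authby is None:
            continue  # unknown Identifier: never treat it as a pass
        if not authby(user, password):
            continue  # Auth-Type check item failed
        if user not in GROUPS.get(group, set()):
            continue  # Group check item failed
        return "ACCEPT", dict(reply)
    return "REJECT", {}


if __name__ == "__main__":
    for name, pw in [("alice", "a-pw"), ("carol", "c-pw"),
                     ("dave", "d-pw"), ("alice", "wrong")]:
        print(name, authenticate(name, pw))
```

In this model a user who belongs to several groups receives the first matching entry's attributes, so the order of the DEFAULT entries decides which reply items are returned. A user in none of the listed groups is rejected even with a valid password.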